Infrastructure: Grails application running on ec2 instance, tomcat listening on port 8080 and ec2 instance behind application load balancer. Problem: Spring security was re-directing all http requests to https. However, browser was stuck in re-direct loop and will eventually give up after trying a number of times. Following command confirmed re-direction issue. curl --location -v < load balancer url > Fix: The simple fix can be to change application load balancer listener to listen to port 80 instead of 8080. Tomcat can still listen to port 8080 and target groups can stay registered against 8080. Application load balancer would listen to 80 and redirect requests to ec2-instance, in target group, on port 8080. Spring Security will redirect requests to https and another listener of application load balancer, listening on 443, will serve these requests.